December 6, 2022

FBI Director Compares Ransomware Challenge to 9/11

FBI Director

Christopher Wray

said the agency was investigating about 100 different types of ransomware, many of which trace back to hackers in Russia, and compared the current spate of cyberattacks with the challenge posed by the Sept. 11, 2001, terrorist attacks.

“There are a lot of parallels, there’s a lot of importance, and a lot of focus by us on disruption and prevention,” Mr. Wray said in an interview Thursday. “There’s a shared responsibility, not just across government agencies but across the private sector and even the average American.”

Mr. Wray’s comments—among his first publicly since two recent ransomware attacks gripped the U.S. meat and oil-and-gas industries—come as senior Biden administration officials have characterized ransomware as an urgent national-security threat and said they are looking at ways to disrupt the criminal ecosystem that supports the booming industry. Each of the 100 different malicious software variants are responsible for multiple ransomware attacks in the U.S., Mr. Wray said.


What are your greatest concerns about cyber issues? Join the conversation below.

Ransomware is a type of malicious computer code that locks up a victim network’s files that hackers use to demand payment for their release, typically with digital currency such as bitcoin.

This week, hackers held hostage the world’s largest meat processor, just weeks after the operator of an essential pipeline bringing gasoline to parts of the East Coast paid about $4.4 million to regain control of its operations and restore service.

Senior officials at the Federal Bureau of Investigation for years have likened the need to confront rising cyber threats to the post-9/11 scramble against international terrorism. But Mr. Wray said the wave of recent ransomware attacks had spotlighted the toll cyberattacks can have on all Americans.

“Now realizing it can affect them when they’re buying gas at the pump or buying a hamburger—I think there’s a growing awareness now of just how much we’re all in this fight together,” Mr. Wray said.

While the most prominent of the recent ransomware hacks disrupted gasoline deliveries and took meat-processing plants temporarily offline, they represent only a fraction of the some 100 types of ransomware the FBI is investigating, Mr. Wray said. “Those are just two,” he said, adding that each of those 100 different malicious software variants had affected between a dozen and 100 targets.

“The scale of this problem is one that I think the country has to come to terms with,” he said.

A cyberattack on the U.S.’s largest fuel pipeline on May 7 forced a shutdown that triggered a spike in gas prices and shortages in parts of the Southeast. WSJ explains just how vulnerable the nation’s critical energy infrastructure is to attack. Photo illustration: Liz Ornitz/WSJ

Complaints to the FBI and reports from the private sector show ransomware incidents have tripled in the past year, Mr. Wray said. While private-sector estimates of the toll to the U.S. economy vary, companies that track ransomware generally put the cost at hundreds of millions or billions of dollars annually and say it is rapidly increasing.

U.S. authorities have attributed this week’s attack on


the world’s biggest meat company by sales, to a criminal ransomware gang in Russia, and the White House has said President Biden planned to bring up the problem during a summit with Russian President

Vladimir Putin

in Geneva planned for June 16. Mr. Biden said he would look closely at whether to retaliate against Russia for the attacks.

In the interview, Mr. Wray singled out Russia as harboring many of the known users of ransomware, providing a haven that security experts and U.S. officials have said has allowed criminal ransomware gangs to flourish throughout Eastern Europe.

“Time and time again, a huge portion of those traced back to actors in Russia. And so, if the Russian government wants to show that it’s serious about this issue, there’s a lot of room for them to demonstrate some real progress that we’re not seeing right now,” Mr. Wray said.

Mr. Wray, who has led the bureau since 2017, has about six years remaining in his 10-year term, and Mr. Biden has said he planned to keep Mr. Wray in the post. He has kept a low profile during his tenure, as the FBI faced criticism from former President

Donald Trump,

who publicly and privately contemplated firing Mr. Wray. In his few public appearances during the pandemic, Mr. Wray has pushed the private sector and international community to collaborate more with the FBI to battle hackers, including those from criminal gangs and foreign intelligence services seeking information from U.S. companies or institutions.

While the FBI has a policy of discouraging targets of such cyberattacks from paying the ransom, Mr. Wray said the agency was more interested in having companies cooperate with the bureau in their investigations into the attacks, to help piece together the puzzle of who was behind the attacks and figure out ways to thwart them.

On Thursday, Deputy Attorney General Lisa Monaco issued a memorandum to U.S. attorney’s offices around the country urging all ransomware investigations to be coordinated with a task force created in April.

Mr. Wray said coordination can pay off for ransomware victims and law enforcement alike. “I don’t want to suggest that this is the norm, but there have been instances where we’ve even been able to work with our partners to identify the encryption keys, which then would enable a company to actually unlock their data—even without paying the ransom,” he said.

Cybersecurity experts who have tracked the proliferation of ransomware attacks for years said they were encouraged by signals from Mr. Wray and others in the Biden administration that the issue had been elevated to a top national-security priority, but said the problem remained vexing.

“We will have to be creative and aggressive if we want to turn back the tide of this problem,” said John Hultquist, vice president of analysis at the cybersecurity firm Mandiant. Security researchers have cited huge profit margins, ease of payments through digital currency and lack of criminal consequences as difficult-to-solve factors contributing to the rise of ransomware.

Other senior administration officials this week echoed Mr. Wray’s call for coordination, saying the government can only do so much to combat ransomware gangs when the targets largely are private companies, most of which operate with little to no federal regulatory oversight of their cybersecurity standards.

Some Republicans have pressed the Biden administration to be more forceful in its response to ransomware and explain more clearly what penalties exist for hackers who target critical infrastructure.

“The danger from cyberattack is real, and we need more urgent cooperation between our public and private sectors, and more severe consequences for global cyber attackers,”

Sen. Ben Sasse

(R., Neb.) said after the JBS hack was disclosed this week.

Anne Neuberger,

the White House deputy national security adviser for cyber and emerging technology, sent a memo to corporate executives and business leaders this week urging companies to “immediately convene their leadership teams to discuss the ransomware threat and review corporate security posture and business continuity plans to ensure you have the ability to continue or quickly restore operations.”

In the memo, a copy of which was reviewed by The Wall Street Journal, Ms. Neuberger said the Biden administration was working with other countries to hold ransomware gangs accountable.

“But we cannot fight the threat posed by ransomware alone,” Ms. Neuberger said. “The private sector has a distinct and key responsibility. The federal government stands ready to help you implement these best practices.”

Companies at Risk of Cyberattacks

Write to Aruna Viswanatha at [email protected] and Dustin Volz at [email protected]

Copyright ©2020 Dow Jones & Company, Inc. All Rights Reserved. 87990cbe856818d5eddac44c7b1cdeb8

in Tech
Related Posts

Lordstown Motors Looks to Reset Its Course a Day After CEO’s Exit

June 15, 2021

June 15, 2021

Executives at troubled electric-truck startup Lordstown Motors Corp. said Tuesday that the company has enough interest from potential buyers to...

Your AirPods Aren’t ‘Magically Connecting’? Here Are Some Things to Try.

May 30, 2021

May 30, 2021

Apple’s website touts the AirPods’ ability to “connect magically” to iPhones and “move seamlessly” between iPhones, Apple Watches, iPads and...

You’ll Soon be Able to Use Your Apple Watch Without Touching the Screen

May 21, 2021

May 21, 2021

Later this year, Apple Inc. will introduce features that allow users to control an iPad with their eyes, and its...

App Taps Unwitting Users Abroad to Gather Open-Source Intelligence

June 24, 2021

June 24, 2021

WASHINGTON—A consumer app has assembled a workforce of hundreds of thousands of smartphone users world-wide, some of whom are being...

Huawei Targets Google’s Android Dominance with Harmony OS

June 1, 2021

June 1, 2021

HONG KONG—Huawei Technologies Co. on Wednesday launches its self-developed operating system for mobile phones, the company’s latest bid to break...

Lordstown Motors Says It Needs to Raise Cash, Lowers Production Forecast

May 24, 2021

May 24, 2021

Electric-truck startup Lordstown Motors Corp. RIDE 0.94% said Monday it faces higher-than-expected costs, is cutting its 2021 production forecast by...

How to Get More Women Into Technology

June 1, 2021

June 1, 2021

During her decadeslong career in technology, Judith Spitz watched as the “dismal number” of women in the industry failed to...

Ohio Sues Meta Alleging Facebook Parent Misled Public About Its Products’ Effect on Children

November 15, 2021

November 15, 2021

Ohio’s attorney general is suing Meta Platforms Inc., formerly known as Facebook Inc., alleging the company misled the public about...

Jobs for the City of Tomorrow

June 7, 2021

June 7, 2021

The Future of Everything covers the innovation and technology transforming the way we live, work and play, with monthly issues...

Motorola Solutions Raises Spending on Body Cameras to Grab Market Share

June 3, 2021

June 3, 2021

Motorola Solutions Inc. plans to spend more on developing body cameras and other video-security tools as it seeks to bulk...

Ransomware Group Behind Meat-Supply Attack Threatens Hundreds of New Targets

July 3, 2021

July 3, 2021

The ransomware group that collected an $11 million payment from meat producer JBS SA about a month ago has begun...

Google, Facebook, Amazon Among Those Set to Fight House Big Tech Antitrust Package

June 24, 2021

June 24, 2021

The House Judiciary Committee voted on Thursday to approve the final piece of its six-part package, the “Ending Platform Monopolies...

Inside Comcast’s Plan to Become a Streaming Giant

June 23, 2021

June 23, 2021

Comcast Corp. chief executive Brian Roberts built a colossus, branching out from cable and broadband into entertainment with the acquisition...

What is the Metaverse? The Future Vision for the Internet

November 6, 2021

November 6, 2021

People will be able to do almost anything in the metaverse: attend concerts, watch UFC fights, participate in work meetings....

JBS Paid $11 Million to Resolve Ransomware Attack

June 9, 2021

June 9, 2021

JBS USA Holdings Inc. paid an $11 million ransom to cybercriminals who last week temporarily knocked out plants that process...